So I’ve just finished reading about a new Bluetooth attack called “Bluebourne“. This new attack allows for remote compromise of a Bluetooth-enabled device, even if the devices are not paired to being with!
The announcement follows the disclosure, by security researchers, of 8 new zero-day vulnerabilities in the Bluetooth protocol.
It is theorised that this attack could be turned into a worm, self-propagating between devices that are in-range of each other.
While clearly a complex attack to execute, it does demonstrate the importance of securing all your devices, disabling services that aren’t needed, and of course patch management, even for your IoT devices.